#
# {{ ansible_managed }}
#


{% if nginx_default_sites is defined and "harstorage" in nginx_default_sites %}
  {% set default_site = "default_server" %}
{% else %}
  {% set default_site = "" %}
{% endif %}

upstream harstorage_app_server {
{% for host in harstorage_gunicorn_hosts %}
    server {{ host }}:{{ harstorage_gunicorn_port }} fail_timeout=0;
{% endfor %}
}

server {
  server_name {{ HARSTORAGE_HOSTNAME }};

  {% if NGINX_ENABLE_SSL %}

  listen {{ HARSTORAGE_NGINX_PORT }} {{ default_site }};
  listen {{ HARSTORAGE_SSL_NGINX_PORT }} ssl;

  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
  # request the browser to use SSL for all connections
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  {% else %}
  listen {{ HARSTORAGE_NGINX_PORT }} {{ default_site }};
  {% endif %}

  location ~ ^/static/(?P<file>.*) {
    root {{ COMMON_DATA_DIR }}/{{ harstorage_role_name }};
    try_files /staticfiles/$file =404;
  }

  location / {
    try_files $uri @proxy_to_app;
  }

  {% if NGINX_ROBOT_RULES|length > 0 %}
  location /robots.txt {
      root {{ nginx_app_dir }};
      try_files $uri /robots.txt =404;
  }
  {% endif %}

  location @proxy_to_app {
    {% if NGINX_SET_X_FORWARDED_HEADERS %}
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For $remote_addr;
    {% else %}
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
    {% endif %}
    proxy_set_header Host $http_host;

    proxy_redirect off;
    proxy_pass http://harstorage_app_server;
  }

  # Forward to HTTPS if we're an HTTP request...
  if ($http_x_forwarded_proto = "http") {
    set $do_redirect "true";
  }

  # Run our actual redirect...
  if ($do_redirect = "true") {
    rewrite ^ https://$host$request_uri? permanent;
  }
}
